ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms

• Previous message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Next message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 5, 2019 at 12:09 PM Joel Jaeggli <joelja at bogus.com> wrote:

> Parsing the icmp payload was something we considered in  rfc7690 but wasn’t one the approaches we pursued (we broadcasted the ptb to all hosts on the segment(s) behind the load balancers in our original implementation).
>
> It actually seems like it is becoming feasible to do in an Ethernet switch ASIC like tofino if that is what you want to burn real estate on. Being worthwhile is another matter.

It is definitely possible in all relevant existing NPUs like Trio,
Solar, FP, EZChip, Lightspeed et.al. As it is within visibility of
lookup engine and it is at fixed offset. So not only possible but also
cheap.

-- 
  ++ytti

• Previous message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Next message (by thread): ICMPv6 "too-big" packets ignored (filtered ?) by Cloudflare farms
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]